// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/quic/quic_crypto_server_stream.h"

#include <map>
#include <memory>
#include <vector>

#include "base/stl_util.h"
#include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
#include "net/quic/crypto/crypto_framer.h"
#include "net/quic/crypto/crypto_handshake.h"
#include "net/quic/crypto/crypto_protocol.h"
#include "net/quic/crypto/crypto_utils.h"
#include "net/quic/crypto/quic_crypto_server_config.h"
#include "net/quic/crypto/quic_decrypter.h"
#include "net/quic/crypto/quic_encrypter.h"
#include "net/quic/crypto/quic_random.h"
#include "net/quic/quic_crypto_client_stream.h"
#include "net/quic/quic_flags.h"
#include "net/quic/quic_protocol.h"
#include "net/quic/quic_session.h"
#include "net/quic/test_tools/crypto_test_utils.h"
#include "net/quic/test_tools/delayed_verify_strike_register_client.h"
#include "net/quic/test_tools/quic_crypto_server_config_peer.h"
#include "net/quic/test_tools/quic_test_utils.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"

namespace net {
class QuicConnection;
class ReliableQuicStream;
} // namespace net

using std::pair;
using std::string;
using testing::_;

namespace net {
namespace test {

    class QuicCryptoServerStreamPeer {
    public:
        static bool DoesPeerSupportStatelessRejects(
            const CryptoHandshakeMessage& message)
        {
            return net::QuicCryptoServerStream::DoesPeerSupportStatelessRejects(
                message);
        }
    };

    namespace {

        const char kServerHostname[] = "test.example.com";
        const uint16_t kServerPort = 443;

        class QuicCryptoServerStreamTest : public ::testing::TestWithParam<bool> {
        public:
            QuicCryptoServerStreamTest()
                : server_crypto_config_(QuicCryptoServerConfig::TESTING,
                    QuicRandom::GetInstance(),
                    CryptoTestUtils::ProofSourceForTesting())
                , server_compressed_certs_cache_(
                      QuicCompressedCertsCache::kQuicCompressedCertsCacheSize)
                , server_id_(kServerHostname, kServerPort, PRIVACY_MODE_DISABLED)
                , client_crypto_config_(CryptoTestUtils::ProofVerifierForTesting())
            {
                FLAGS_enable_quic_stateless_reject_support = false;
                server_crypto_config_.set_strike_register_no_startup_period();
            }

            void Initialize()
            {
                InitializeServer();

                if (AsyncStrikeRegisterVerification()) {
                    QuicCryptoServerConfigPeer peer(&server_crypto_config_);
                    strike_register_client_ = new DelayedVerifyStrikeRegisterClient(
                        10000, // strike_register_max_entries
                        static_cast<uint32_t>(
                            server_connection_->clock()->WallNow().ToUNIXSeconds()),
                        60, // strike_register_window_secs
                        peer.GetPrimaryConfig()->orbit,
                        StrikeRegister::NO_STARTUP_PERIOD_NEEDED);
                    strike_register_client_->StartDelayingVerification();
                    server_crypto_config_.SetStrikeRegisterClient(strike_register_client_);
                }
            }

            ~QuicCryptoServerStreamTest() override
            {
                // Ensure that anything that might reference |helpers_| is destroyed before
                // |helpers_| is destroyed.
                server_session_.reset();
                client_session_.reset();
                STLDeleteElements(&helpers_);
                STLDeleteElements(&alarm_factories_);
            }

            // Initializes the crypto server stream state for testing.  May be
            // called multiple times.
            void InitializeServer()
            {
                TestQuicSpdyServerSession* server_session = nullptr;
                helpers_.push_back(new MockQuicConnectionHelper);
                alarm_factories_.push_back(new MockAlarmFactory);
                CreateServerSessionForTest(
                    server_id_, QuicTime::Delta::FromSeconds(100000), supported_versions_,
                    helpers_.back(), alarm_factories_.back(), &server_crypto_config_,
                    &server_compressed_certs_cache_, &server_connection_, &server_session);
                CHECK(server_session);
                server_session_.reset(server_session);
                CryptoTestUtils::FakeServerOptions options;
                options.token_binding_enabled = true;
                CryptoTestUtils::SetupCryptoServerConfigForTest(
                    server_connection_->clock(), server_connection_->random_generator(),
                    server_session_->config(), &server_crypto_config_, options);
            }

            QuicCryptoServerStream* server_stream()
            {
                return server_session_->GetCryptoStream();
            }

            QuicCryptoClientStream* client_stream()
            {
                return client_session_->GetCryptoStream();
            }

            // Initializes a fake client, and all its associated state, for
            // testing.  May be called multiple times.
            void InitializeFakeClient(bool supports_stateless_rejects)
            {
                TestQuicSpdyClientSession* client_session = nullptr;
                helpers_.push_back(new MockQuicConnectionHelper);
                alarm_factories_.push_back(new MockAlarmFactory);
                CreateClientSessionForTest(
                    server_id_, supports_stateless_rejects,
                    QuicTime::Delta::FromSeconds(100000), supported_versions_,

                    helpers_.back(), alarm_factories_.back(), &client_crypto_config_,
                    &client_connection_, &client_session);
                CHECK(client_session);
                client_session_.reset(client_session);
            }

            bool AsyncStrikeRegisterVerification()
            {
                if (server_connection_->version() > QUIC_VERSION_32) {
                    return false;
                }
                return GetParam();
            }

            void ConstructHandshakeMessage()
            {
                CryptoFramer framer;
                message_data_.reset(framer.ConstructHandshakeMessage(message_));
            }

            int CompleteCryptoHandshake()
            {
                CHECK(server_connection_);
                CHECK(server_session_ != nullptr);
                return CryptoTestUtils::HandshakeWithFakeClient(
                    helpers_.back(), alarm_factories_.back(), server_connection_,
                    server_stream(), server_id_, client_options_);
            }

            // Performs a single round of handshake message-exchange between the
            // client and server.
            void AdvanceHandshakeWithFakeClient()
            {
                CHECK(server_connection_);
                CHECK(client_session_ != nullptr);

                EXPECT_CALL(*client_session_, OnProofValid(_)).Times(testing::AnyNumber());
                client_stream()->CryptoConnect();
                CryptoTestUtils::AdvanceHandshake(client_connection_, client_stream(), 0,
                    server_connection_, server_stream(), 0);
            }

        protected:
            // Every connection gets its own MockQuicConnectionHelper and
            // MockAlarmFactory,
            // tracked separately from
            // the server and client state so their lifetimes persist through the whole
            // test.
            std::vector<MockQuicConnectionHelper*> helpers_;
            std::vector<MockAlarmFactory*> alarm_factories_;

            // Server state
            PacketSavingConnection* server_connection_;
            std::unique_ptr<TestQuicSpdyServerSession> server_session_;
            QuicCryptoServerConfig server_crypto_config_;
            QuicCompressedCertsCache server_compressed_certs_cache_;
            QuicServerId server_id_;

            // Client state
            PacketSavingConnection* client_connection_;
            QuicCryptoClientConfig client_crypto_config_;
            std::unique_ptr<TestQuicSpdyClientSession> client_session_;

            CryptoHandshakeMessage message_;
            std::unique_ptr<QuicData> message_data_;
            CryptoTestUtils::FakeClientOptions client_options_;
            DelayedVerifyStrikeRegisterClient* strike_register_client_;

            // Which QUIC versions the client and server support.
            QuicVersionVector supported_versions_ = QuicSupportedVersions();
        };

        INSTANTIATE_TEST_CASE_P(Tests, QuicCryptoServerStreamTest, testing::Bool());

        TEST_P(QuicCryptoServerStreamTest, NotInitiallyConected)
        {
            Initialize();
            EXPECT_FALSE(server_stream()->encryption_established());
            EXPECT_FALSE(server_stream()->handshake_confirmed());
        }

        TEST_P(QuicCryptoServerStreamTest, NotInitiallySendingStatelessRejects)
        {
            Initialize();
            EXPECT_FALSE(server_stream()->UseStatelessRejectsIfPeerSupported());
            EXPECT_FALSE(server_stream()->PeerSupportsStatelessRejects());
        }

        TEST_P(QuicCryptoServerStreamTest, ConnectedAfterCHLO)
        {
            // CompleteCryptoHandshake returns the number of client hellos sent. This
            // test should send:
            //   * One to get a source-address token and certificates.
            //   * One to complete the handshake.
            Initialize();
            EXPECT_EQ(2, CompleteCryptoHandshake());
            EXPECT_TRUE(server_stream()->encryption_established());
            EXPECT_TRUE(server_stream()->handshake_confirmed());
        }

        TEST_P(QuicCryptoServerStreamTest, InitialEncryptionAfterCHLO)
        {
            Initialize();
            InitializeFakeClient(/* supports_stateless_rejects= */ false);

            // Do a first handshake in order to prime the client config with the server's
            // information.
            AdvanceHandshakeWithFakeClient();
            EXPECT_FALSE(server_stream()->encryption_established());
            EXPECT_FALSE(server_stream()->handshake_confirmed());

            // Now do another handshake, with the blocking SHLO connection option.
            InitializeServer();
            InitializeFakeClient(/* supports_stateless_rejects= */ false);
            if (FLAGS_quic_default_immediate_forward_secure) {
                client_session_->config()->SetConnectionOptionsToSend({ kIPFS });
            }

            AdvanceHandshakeWithFakeClient();
            EXPECT_TRUE(server_stream()->encryption_established());
            EXPECT_TRUE(server_stream()->handshake_confirmed());
            EXPECT_EQ(ENCRYPTION_INITIAL,
                server_session_->connection()->encryption_level());
        }

        TEST_P(QuicCryptoServerStreamTest, ForwardSecureAfterCHLO)
        {
            Initialize();
            InitializeFakeClient(/* supports_stateless_rejects= */ false);

            // Do a first handshake in order to prime the client config with the server's
            // information.
            AdvanceHandshakeWithFakeClient();
            EXPECT_FALSE(server_stream()->encryption_established());
            EXPECT_FALSE(server_stream()->handshake_confirmed());

            // Now do another handshake, with the blocking SHLO connection option.
            InitializeServer();
            InitializeFakeClient(/* supports_stateless_rejects= */ false);
            if (!FLAGS_quic_default_immediate_forward_secure) {
                client_session_->config()->SetConnectionOptionsToSend({ kIPFS });
            }

            AdvanceHandshakeWithFakeClient();
            EXPECT_TRUE(server_stream()->encryption_established());
            EXPECT_TRUE(server_stream()->handshake_confirmed());
            EXPECT_EQ(ENCRYPTION_FORWARD_SECURE,
                server_session_->connection()->encryption_level());
        }

        TEST_P(QuicCryptoServerStreamTest, StatelessRejectAfterCHLO)
        {
            ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support,
                true);
            Initialize();

            EXPECT_CALL(*server_connection_,
                CloseConnection(QUIC_CRYPTO_HANDSHAKE_STATELESS_REJECT, _, _));

            InitializeFakeClient(/* supports_stateless_rejects= */ true);
            AdvanceHandshakeWithFakeClient();

            // Check the server to make the sure the handshake did not succeed.
            EXPECT_FALSE(server_stream()->encryption_established());
            EXPECT_FALSE(server_stream()->handshake_confirmed());

            // Check the client state to make sure that it received a server-designated
            // connection id.
            QuicCryptoClientConfig::CachedState* client_state = client_crypto_config_.LookupOrCreate(server_id_);

            ASSERT_TRUE(client_state->has_server_nonce());
            ASSERT_FALSE(client_state->GetNextServerNonce().empty());
            ASSERT_FALSE(client_state->has_server_nonce());

            ASSERT_TRUE(client_state->has_server_designated_connection_id());
            const QuicConnectionId server_designated_connection_id = client_state->GetNextServerDesignatedConnectionId();
            const QuicConnectionId expected_id = server_connection_->random_generator()->RandUint64();
            EXPECT_EQ(expected_id, server_designated_connection_id);
            EXPECT_FALSE(client_state->has_server_designated_connection_id());
            ASSERT_TRUE(client_state->IsComplete(QuicWallTime::FromUNIXSeconds(0)));
        }

        TEST_P(QuicCryptoServerStreamTest, ConnectedAfterStatelessHandshake)
        {
            ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support,
                true);
            Initialize();

            InitializeFakeClient(/* supports_stateless_rejects= */ true);
            AdvanceHandshakeWithFakeClient();

            // On the first round, encryption will not be established.
            EXPECT_FALSE(server_stream()->encryption_established());
            EXPECT_FALSE(server_stream()->handshake_confirmed());
            EXPECT_EQ(1, server_stream()->NumHandshakeMessages());
            EXPECT_EQ(0, server_stream()->NumHandshakeMessagesWithServerNonces());

            // Now check the client state.
            QuicCryptoClientConfig::CachedState* client_state = client_crypto_config_.LookupOrCreate(server_id_);

            ASSERT_TRUE(client_state->has_server_designated_connection_id());
            const QuicConnectionId server_designated_connection_id = client_state->GetNextServerDesignatedConnectionId();
            const QuicConnectionId expected_id = server_connection_->random_generator()->RandUint64();
            EXPECT_EQ(expected_id, server_designated_connection_id);
            EXPECT_FALSE(client_state->has_server_designated_connection_id());
            ASSERT_TRUE(client_state->IsComplete(QuicWallTime::FromUNIXSeconds(0)));

            // Now create new client and server streams with the existing config
            // and try the handshake again (0-RTT handshake).
            InitializeServer();

            InitializeFakeClient(/* supports_stateless_rejects= */ true);

            // In the stateless case, the second handshake contains a server-nonce, so the
            // AsyncStrikeRegisterVerification() case will still succeed (unlike a 0-RTT
            // handshake).
            AdvanceHandshakeWithFakeClient();

            // On the second round, encryption will be established.
            EXPECT_TRUE(server_stream()->encryption_established());
            EXPECT_TRUE(server_stream()->handshake_confirmed());
            EXPECT_EQ(1, server_stream()->NumHandshakeMessages());
            EXPECT_EQ(1, server_stream()->NumHandshakeMessagesWithServerNonces());
        }

        TEST_P(QuicCryptoServerStreamTest, NoStatelessRejectIfNoClientSupport)
        {
            ValueRestore<bool> old_flag(&FLAGS_enable_quic_stateless_reject_support,
                true);
            Initialize();

            // The server is configured to use stateless rejects, but the client does not
            // support it.
            InitializeFakeClient(/* supports_stateless_rejects= */ false);
            AdvanceHandshakeWithFakeClient();

            // Check the server to make the sure the handshake did not succeed.
            EXPECT_FALSE(server_stream()->encryption_established());
            EXPECT_FALSE(server_stream()->handshake_confirmed());

            // Check the client state to make sure that it did not receive a
            // server-designated connection id.
            QuicCryptoClientConfig::CachedState* client_state = client_crypto_config_.LookupOrCreate(server_id_);

            ASSERT_FALSE(client_state->has_server_designated_connection_id());
            ASSERT_TRUE(client_state->IsComplete(QuicWallTime::FromUNIXSeconds(0)));
        }

        TEST_P(QuicCryptoServerStreamTest, ZeroRTT)
        {
            Initialize();
            InitializeFakeClient(/* supports_stateless_rejects= */ false);

            // Do a first handshake in order to prime the client config with the server's
            // information.
            AdvanceHandshakeWithFakeClient();

            // Now do another handshake, hopefully in 0-RTT.
            DVLOG(1) << "Resetting for 0-RTT handshake attempt";
            InitializeFakeClient(/* supports_stateless_rejects= */ false);
            InitializeServer();

            client_stream()->CryptoConnect();

            if (AsyncStrikeRegisterVerification()) {
                EXPECT_FALSE(client_stream()->handshake_confirmed());
                EXPECT_FALSE(server_stream()->handshake_confirmed());

                // Advance the handshake.  Expect that the server will be stuck waiting for
                // client nonce verification to complete.
                pair<size_t, size_t> messages_moved = CryptoTestUtils::AdvanceHandshake(
                    client_connection_, client_stream(), 0, server_connection_,
                    server_stream(), 0);
                EXPECT_EQ(1u, messages_moved.first);
                EXPECT_EQ(0u, messages_moved.second);
                EXPECT_EQ(1, strike_register_client_->PendingVerifications());
                EXPECT_FALSE(client_stream()->handshake_confirmed());
                EXPECT_FALSE(server_stream()->handshake_confirmed());

                // The server handshake completes once the nonce verification completes.
                strike_register_client_->RunPendingVerifications();
                EXPECT_FALSE(client_stream()->handshake_confirmed());
                EXPECT_TRUE(server_stream()->handshake_confirmed());

                messages_moved = CryptoTestUtils::AdvanceHandshake(
                    client_connection_, client_stream(), messages_moved.first,
                    server_connection_, server_stream(), messages_moved.second);
                EXPECT_EQ(1u, messages_moved.first);
                EXPECT_EQ(1u, messages_moved.second);
                EXPECT_TRUE(client_stream()->handshake_confirmed());
                EXPECT_TRUE(server_stream()->handshake_confirmed());
            } else {
                CryptoTestUtils::CommunicateHandshakeMessages(
                    client_connection_, client_stream(), server_connection_,
                    server_stream());
            }

            EXPECT_EQ(1, client_stream()->num_sent_client_hellos());
        }

        TEST_P(QuicCryptoServerStreamTest, FailByPolicy)
        {
            FLAGS_quic_enable_chlo_policy = true;
            FLAGS_quic_require_fix = false;
            Initialize();
            InitializeFakeClient(/* supports_stateless_rejects= */ false);

            EXPECT_CALL(*server_session_->helper(), CanAcceptClientHello(_, _, _))
                .WillOnce(testing::Return(false));
            EXPECT_CALL(*server_connection_,
                CloseConnection(QUIC_HANDSHAKE_FAILED, _, _));

            AdvanceHandshakeWithFakeClient();
        }

        TEST_P(QuicCryptoServerStreamTest, MessageAfterHandshake)
        {
            FLAGS_quic_require_fix = false;
            Initialize();
            CompleteCryptoHandshake();
            EXPECT_CALL(
                *server_connection_,
                CloseConnection(QUIC_CRYPTO_MESSAGE_AFTER_HANDSHAKE_COMPLETE, _, _));
            message_.set_tag(kCHLO);
            ConstructHandshakeMessage();
            server_stream()->OnStreamFrame(
                QuicStreamFrame(kCryptoStreamId, /*fin=*/false, /*offset=*/0,
                    message_data_->AsStringPiece()));
        }

        TEST_P(QuicCryptoServerStreamTest, BadMessageType)
        {
            FLAGS_quic_require_fix = false;
            Initialize();

            message_.set_tag(kSHLO);
            ConstructHandshakeMessage();
            EXPECT_CALL(*server_connection_,
                CloseConnection(QUIC_INVALID_CRYPTO_MESSAGE_TYPE, _, _));
            server_stream()->OnStreamFrame(
                QuicStreamFrame(kCryptoStreamId, /*fin=*/false, /*offset=*/0,
                    message_data_->AsStringPiece()));
        }

        TEST_P(QuicCryptoServerStreamTest, ChannelID)
        {
            Initialize();

            client_options_.channel_id_enabled = true;
            client_options_.channel_id_source_async = false;
            // CompleteCryptoHandshake verifies
            // server_stream()->crypto_negotiated_params().channel_id is correct.
            EXPECT_EQ(2, CompleteCryptoHandshake());
            EXPECT_TRUE(server_stream()->encryption_established());
            EXPECT_TRUE(server_stream()->handshake_confirmed());
        }

        TEST_P(QuicCryptoServerStreamTest, ChannelIDAsync)
        {
            Initialize();

            client_options_.channel_id_enabled = true;
            client_options_.channel_id_source_async = true;
            // CompleteCryptoHandshake verifies
            // server_stream()->crypto_negotiated_params().channel_id is correct.
            EXPECT_EQ(2, CompleteCryptoHandshake());
            EXPECT_TRUE(server_stream()->encryption_established());
            EXPECT_TRUE(server_stream()->handshake_confirmed());
        }

        TEST_P(QuicCryptoServerStreamTest, OnlySendSCUPAfterHandshakeComplete)
        {
            // An attempt to send a SCUP before completing handshake should fail.
            Initialize();

            server_stream()->SendServerConfigUpdate(nullptr);
            EXPECT_EQ(0, server_stream()->NumServerConfigUpdateMessagesSent());
        }

        TEST_P(QuicCryptoServerStreamTest, SendSCUPAfterHandshakeComplete)
        {
            FLAGS_quic_use_hash_in_scup = true;
            Initialize();

            InitializeFakeClient(/* supports_stateless_rejects= */ false);

            // Do a first handshake in order to prime the client config with the server's
            // information.
            AdvanceHandshakeWithFakeClient();

            // Now do another handshake, with the blocking SHLO connection option.
            InitializeServer();
            InitializeFakeClient(/* supports_stateless_rejects= */ false);
            AdvanceHandshakeWithFakeClient();

            // Send a SCUP message and ensure that the client was able to verify it.
            EXPECT_CALL(*client_connection_, CloseConnection(_, _, _)).Times(0);
            server_stream()->SendServerConfigUpdate(nullptr);
            CryptoTestUtils::AdvanceHandshake(client_connection_, client_stream(), 1,
                server_connection_, server_stream(), 1);

            EXPECT_EQ(1, server_stream()->NumServerConfigUpdateMessagesSent());
            EXPECT_EQ(1, client_stream()->num_scup_messages_received());
        }

        TEST_P(QuicCryptoServerStreamTest, DoesPeerSupportStatelessRejects)
        {
            Initialize();

            ConstructHandshakeMessage();
            QuicConfig stateless_reject_config = DefaultQuicConfigStatelessRejects();
            stateless_reject_config.ToHandshakeMessage(&message_);
            EXPECT_TRUE(
                QuicCryptoServerStreamPeer::DoesPeerSupportStatelessRejects(message_));

            message_.Clear();
            QuicConfig stateful_reject_config = DefaultQuicConfig();
            stateful_reject_config.ToHandshakeMessage(&message_);
            EXPECT_FALSE(
                QuicCryptoServerStreamPeer::DoesPeerSupportStatelessRejects(message_));
        }

        TEST_P(QuicCryptoServerStreamTest, TokenBindingNegotiated)
        {
            Initialize();

            client_options_.token_binding_enabled = true;
            CompleteCryptoHandshake();
            EXPECT_EQ(
                kP256,
                server_stream()->crypto_negotiated_params().token_binding_key_param);
            EXPECT_TRUE(server_stream()->encryption_established());
            EXPECT_TRUE(server_stream()->handshake_confirmed());
        }

        TEST_P(QuicCryptoServerStreamTest, NoTokenBindingWithoutClientSupport)
        {
            Initialize();

            CompleteCryptoHandshake();
            EXPECT_EQ(
                0u, server_stream()->crypto_negotiated_params().token_binding_key_param);
            EXPECT_TRUE(server_stream()->encryption_established());
            EXPECT_TRUE(server_stream()->handshake_confirmed());
        }

        TEST_P(QuicCryptoServerStreamTest, CancelRPCBeforeVerificationCompletes)
        {
            // Tests that the client can close the connection while the remote strike
            // register verification RPC is still pending.

            // Set version to QUIC_VERSION_25 as QUIC_VERSION_26 and later don't support
            // asynchronous strike register RPCs.
            supported_versions_ = { QUIC_VERSION_25 };
            Initialize();
            if (!AsyncStrikeRegisterVerification()) {
                return;
            }
            InitializeFakeClient(/* supports_stateless_rejects= */ false);

            // Do a first handshake in order to prime the client config with the server's
            // information.
            AdvanceHandshakeWithFakeClient();

            // Now start another handshake, this time the server will attempt to verify
            // the client's nonce with the strike registers.
            InitializeFakeClient(/* supports_stateless_rejects= */ false);
            InitializeServer();
            client_stream()->CryptoConnect();
            EXPECT_FALSE(client_stream()->handshake_confirmed());
            EXPECT_FALSE(server_stream()->handshake_confirmed());

            // Advance the handshake.  Expect that the server will be stuck waiting for
            // client nonce verification to complete.
            CryptoTestUtils::AdvanceHandshake(client_connection_, client_stream(), 0,
                server_connection_, server_stream(), 0);
            EXPECT_EQ(1, strike_register_client_->PendingVerifications());
            EXPECT_FALSE(client_stream()->handshake_confirmed());
            EXPECT_FALSE(server_stream()->handshake_confirmed());

            // While waiting for the asynchronous verification to complete, the client
            // decides to close the connection.
            server_session_->connection()->CloseConnection(
                QUIC_NO_ERROR, "", ConnectionCloseBehavior::SILENT_CLOSE);

            // The outstanding nonce verification RPC now completes.
            strike_register_client_->RunPendingVerifications();
        }

    } // namespace

} // namespace test
} // namespace net
